The LDAP schema parser of python-ldap 3.3.1 and earlier is vulnerable to a regular expression denial-of-service (ReDoS) attack. The issue affects clients that use the ldap.schema package to parse LDAP schema definitions from an untrusted source. References: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
While the flaw is present in AAP and Ansible Tower, and can be corrected by upgrading to python-ldap 3.4, the issue is mitigated due to the input sanitization that currently occurs in the code.
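The two points above (a regex-based schema parser that can be stalled by untrusted input, and input sanitization on the caller's side as a mitigation) can be combined into a defensive wrapper. The following is an added example written for this page; it is not python-ldap's code and does not import ldap.schema. It uses a small constructed stand-in parser for the "( OID ... )" element form, and applies two assumed controls before any result is trusted: a hard size cap per element (MAX_ELEMENT_LEN, a made-up limit) and a wall-clock timeout enforced by running the parse in a separate process that is terminated on expiry. The sample element is the RFC 4519 definition of cn, embedded inline so the block runs offline.

```python
"""Guard for parsing LDAP schema elements received from an untrusted source.

Added example, not python-ldap's own code. The real fix is upgrading
python-ldap to 3.4; this shows what a caller can do on its side: cap input
size and bound parse time so a pathological element cannot stall the service.
"""
import multiprocessing
import queue
import re
import time

# Assumed limits; real schema elements are far smaller than this cap.
MAX_ELEMENT_LEN = 4096
PARSE_TIMEOUT_S = 2.0

# Constructed sample input: the RFC 4519 attribute type definition for cn.
SAMPLE_ATTRIBUTE_TYPE = (
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name(s)' SUP name )"
)

# Stand-in parser (not ldap.schema): linear-time patterns for OID and NAME only.
_OID_RE = re.compile(r"^\(\s*([0-9A-Za-z][0-9A-Za-z.:{}-]*)\s")
_NAME_RE = re.compile(r"\bNAME\s+(?:'([^']*)'|\(\s*((?:'[^']*'\s*)+)\))")


def parse_element(text):
    """Extract the OID and NAME list from one schema element, or raise ValueError."""
    m = _OID_RE.match(text)
    if not m or not text.rstrip().endswith(")"):
        raise ValueError("not a schema element")
    names = []
    nm = _NAME_RE.search(text)
    if nm:
        if nm.group(1) is not None:
            names = [nm.group(1)]          # NAME 'single'
        else:
            names = re.findall(r"'([^']*)'", nm.group(2))  # NAME ( 'a' 'b' )
    return {"oid": m.group(1), "names": names}


def slow_parse_for_demo(text):
    """Simulates a parser stalled by hostile input (sleeps instead of looping)."""
    time.sleep(10)
    return parse_element(text)


def _worker(parse_fn, text, result_queue):
    """Child-process body: report a result or the parser's failure, never crash."""
    try:
        result_queue.put(("ok", parse_fn(text)))
    except Exception as exc:
        result_queue.put(("parse_error", repr(exc)))


def _mp_context():
    # fork avoids re-importing the module in the child; fall back where absent.
    methods = multiprocessing.get_all_start_methods()
    return multiprocessing.get_context("fork" if "fork" in methods else None)


def parse_guarded(text, parse_fn=parse_element, timeout=PARSE_TIMEOUT_S,
                  max_len=MAX_ELEMENT_LEN):
    """Return (status, payload); status is ok, too_large, timeout or parse_error."""
    if len(text) > max_len:
        return ("too_large", len(text))      # reject before touching any regex
    ctx = _mp_context()
    result_queue = ctx.Queue()
    proc = ctx.Process(target=_worker, args=(parse_fn, text, result_queue),
                       daemon=True)
    proc.start()
    try:
        status, payload = result_queue.get(timeout=timeout)
    except queue.Empty:
        proc.terminate()                     # hard stop: the regex cannot be interrupted
        proc.join()
        return ("timeout", timeout)
    proc.join()
    return (status, payload)


if __name__ == "__main__":
    print(parse_guarded(SAMPLE_ATTRIBUTE_TYPE))
    print(parse_guarded("( " + "x" * 5000 + " )"))
    print(parse_guarded(SAMPLE_ATTRIBUTE_TYPE, parse_fn=slow_parse_for_demo, timeout=0.5))
```

The process boundary matters because a Python regex engine stuck in backtracking holds the GIL and cannot be cancelled from a thread; only killing the worker frees the caller. Size capping is the cheaper control and should run first, since it costs nothing and already removes the long inputs that make ReDoS expensive.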
Upstream commits: https://github.com/python-ldap/python-ldap/pull/444/commits
Created python-ldap tracking bugs for this issue:
Affects: fedora-all [bug 2051816]
Created python-ldap3 tracking bugs for this issue:
Affects: epel-all [bug 2051817]
Affects: fedora-all [bug 2051815]
Affects: openstack-rdo [bug 2051813]
Why are there bugs against python-ldap3 if the bug is in a different package, python-ldap? They are different projects that do not share a codebase.
Marking Services notaffected per ./static/#/flaw/2044615#comment3